hyperliquid

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries the public Hyperliquid API (e.g., SKILL.md tool flows using hl_market / hl_candles and client.py's _post to https://api.hyperliquid.xyz /info) and the agent consumes that external market/metadata to decide leverage, order sizing, and execution, so untrusted third‑party responses can materially influence tool use and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading client for a DEX and exposes direct execution functions: placing perp and spot orders (hl_order, hl_spot_order, hl_tpsl_order), setting leverage (hl_leverage), cancelling/modifying orders, transferring funds between perp/spot (hl_transfer_usd), depositing and withdrawing USDC (hl_deposit, hl_withdraw) including withdrawing to arbitrary addresses, and signs orders with the agent's EVM wallet. These are specific financial-operation APIs (sending transactions, moving funds, executing market orders), not generic tooling. Therefore it grants direct financial execution authority.